From e3e4d739864a63956bba213365521e078e9948e1 Mon Sep 17 00:00:00 2001 From: Ralph Castain Date: Fri, 24 Jun 2016 17:01:49 -0700 Subject: [PATCH] Need to be a little more careful when checking the range on a publish/lookup operation. If the range was constrained at publish, then we need to check that the lookup fits within that constraint. Otherwise, we should provide the data. More detailed constraint checking will be provided later. --- orte/orted/pmix/pmix_server_pub.c | 13 +++++++--- orte/runtime/orte_data_server.c | 40 +++++++++++++++++++++++-------- 2 files changed, 40 insertions(+), 13 deletions(-) diff --git a/orte/orted/pmix/pmix_server_pub.c b/orte/orted/pmix/pmix_server_pub.c index 5283cdef7d9..a0c02fd90c8 100644 --- a/orte/orted/pmix/pmix_server_pub.c +++ b/orte/orted/pmix/pmix_server_pub.c @@ -121,7 +121,7 @@ int pmix_server_publish_fn(opal_process_name_t *proc, pset = false; OPAL_LIST_FOREACH(iptr, info, opal_value_t) { if (0 == strcmp(iptr->key, OPAL_PMIX_RANGE)) { - range = (opal_pmix_data_range_t)iptr->data.integer; + range = (opal_pmix_data_range_t)iptr->data.uint; if (pset) { break; } @@ -136,7 +136,7 @@ int pmix_server_publish_fn(opal_process_name_t *proc, } /* pack the range */ - if (OPAL_SUCCESS != (rc = opal_dss.pack(&req->msg, &range, 1, OPAL_INT))) { + if (OPAL_SUCCESS != (rc = opal_dss.pack(&req->msg, &range, 1, OPAL_PMIX_DATA_RANGE))) { ORTE_ERROR_LOG(rc); OBJ_RELEASE(req); return rc; @@ -211,10 +211,17 @@ int pmix_server_lookup_fn(opal_process_name_t *proc, char **keys, return rc; } + /* pack the requesting process jobid */ + if (OPAL_SUCCESS != (rc = opal_dss.pack(&req->msg, &proc->jobid, 1, ORTE_JOBID))) { + ORTE_ERROR_LOG(rc); + OBJ_RELEASE(req); + return rc; + } + /* no help for it - need to search for range */ OPAL_LIST_FOREACH(iptr, info, opal_value_t) { if (0 == strcmp(iptr->key, OPAL_PMIX_RANGE)) { - range = (opal_pmix_data_range_t)iptr->data.integer; + range = (opal_pmix_data_range_t)iptr->data.uint; break; } } diff --git a/orte/runtime/orte_data_server.c b/orte/runtime/orte_data_server.c index c43dca06a89..e6873fe148f 100644 --- a/orte/runtime/orte_data_server.c +++ b/orte/runtime/orte_data_server.c @@ -69,6 +69,9 @@ typedef struct { static void construct(orte_data_object_t *ptr) { ptr->index = -1; + ptr->uid = UINT32_MAX; + ptr->range = OPAL_PMIX_RANGE_UNDEF; + ptr->persistence = OPAL_PMIX_PERSIST_SESSION; OBJ_CONSTRUCT(&ptr->values, opal_list_t); } @@ -172,9 +175,10 @@ void orte_data_server(int status, orte_process_name_t* sender, char **keys = NULL, *str; bool ret_packed = false, wait = false, data_added; int room_number; - uint32_t uid; + uint32_t uid = UINT32_MAX; opal_pmix_data_range_t range; orte_data_req_t *req, *rqnext; + orte_jobid_t jobid; OPAL_OUTPUT_VERBOSE((1, orte_debug_output, "%s data server got message from %s", @@ -206,7 +210,7 @@ void orte_data_server(int status, orte_process_name_t* sender, switch(command) { case ORTE_PMIX_PUBLISH_CMD: data = OBJ_NEW(orte_data_object_t); - /* unpack the requestor */ + /* unpack the publisher */ count = 1; if (ORTE_SUCCESS != (rc = opal_dss.unpack(buffer, &data->owner, &count, OPAL_NAME))) { ORTE_ERROR_LOG(rc); @@ -221,7 +225,7 @@ void orte_data_server(int status, orte_process_name_t* sender, /* unpack the range */ count = 1; - if (ORTE_SUCCESS != (rc = opal_dss.unpack(buffer, &data->range, &count, OPAL_INT))) { + if (ORTE_SUCCESS != (rc = opal_dss.unpack(buffer, &data->range, &count, OPAL_PMIX_DATA_RANGE))) { ORTE_ERROR_LOG(rc); OBJ_RELEASE(data); goto SEND_ERROR; @@ -261,8 +265,13 @@ void orte_data_server(int status, orte_process_name_t* sender, if (req->uid != data->uid) { continue; } - if (req->range != data->range) { - continue; + /* if the published range is constrained to namespace, then only + * consider this data if the publisher is + * in the same namespace as the requestor */ + if (OPAL_PMIX_RANGE_NAMESPACE == data->range) { + if (jobid != data->owner.jobid) { + continue; + } } for (i=0; NULL != req->keys[i]; i++) { /* cycle thru the data keys for matches */ @@ -344,9 +353,16 @@ void orte_data_server(int status, orte_process_name_t* sender, ORTE_NAME_PRINT(ORTE_PROC_MY_NAME), ORTE_NAME_PRINT(sender))); + /* unpack the requestor's jobid */ + count = 1; + if (ORTE_SUCCESS != (rc = opal_dss.unpack(buffer, &jobid, &count, ORTE_JOBID))) { + ORTE_ERROR_LOG(rc); + goto SEND_ERROR; + } + /* unpack the range - this sets some constraints on the range of data to be considered */ count = 1; - if (ORTE_SUCCESS != (rc = opal_dss.unpack(buffer, &range, &count, OPAL_INT))) { + if (ORTE_SUCCESS != (rc = opal_dss.unpack(buffer, &range, &count, OPAL_PMIX_DATA_RANGE))) { ORTE_ERROR_LOG(rc); goto SEND_ERROR; } @@ -409,13 +425,17 @@ void orte_data_server(int status, orte_process_name_t* sender, if (NULL == data) { continue; } - /* can only access data posted by the same user id */ + /* for security reasons, can only access data posted by the same user id */ if (uid != data->uid) { continue; } - /* if the range doesn't match, then we cannot consider it */ - if (range != data->range) { - continue; + /* if the published range is constrained to namespace, then only + * consider this data if the publisher is + * in the same namespace as the requestor */ + if (OPAL_PMIX_RANGE_NAMESPACE == data->range) { + if (jobid != data->owner.jobid) { + continue; + } } /* see if we have this key */ OPAL_LIST_FOREACH(iptr, &data->values, opal_value_t) {